Field
An aspect of the present invention relates to a computing device to provide access control to a hardware resource.
Background
In a computing device, such as an automotive System on Chip (SoC) for a system which includes multiple functions such as infotainment, an instrument cluster, and ADAS (Advanced Driver-Assistance System), applications or software with different safety goals, such as safety goals classified to different Automotive Safety Integrity Levels (ASILs) according to ISO 26262, may co-exist.
Such applications must be isolated from each other so that those with a lower ASIL do not contaminate those with a higher ASIL. These safety tasks may or may not be classified into different security classes; the safety classification of a task is generally orthogonal to its security classification.
Current access control implementations for such automotive SoCs, when used for security, do not provide any form of safety isolation: something that is secure is not necessarily safe, and vice versa. For example, in an automotive IVI (In-Vehicle Infotainment) SoC, the payment applications require a high security classification but have no safety requirement. In contrast, the instrument cluster display task requires a medium ASIL (e.g., A or B) classification but has no security requirement. These two tasks could run concurrently. In the general case, a task can have both security and safety requirements. What is needed, therefore, is a scheme in which both safety and security requirements are used to provide access control.